Legal thoughts, since 2005.

ethics

This week's Daily Record column is entitled "New York State Bar on virtual law practices." My past Daily Record articles can be accessed here.

*****

New York State Bar on virtual law practices

Last week I discussed Schoenefeld v. State of New York, 25 N.Y.3d 22. In that case, the New York Court of Appeals interpreted the bona fide office rule as it relates to New York lawyers seeking to practice law from a virtual office, where the lawyer is located outside of the state. The court concluded that the clear language of New York’s bona fide office rule required “nonresident attorneys to maintain a physical office in New York.”

Shortly after that decision was handed down, the New York State Bar Association Committee on Professional Ethics examined the ethical obligations of an attorney licensed to practice law in New York but who was seeking to practice law from a virtual law office while residing in Virginia. In Opinion 1054 (April 10, 2015) the committee addressed this issue: “May a lawyer admitted only in New York and Pennsylvania practice in the federal courts in Virginia and before the Administrative Board of Veterans Affairs from a ‘virtual office’ in Virginia?”

The focus of the committee’s analysis revolved around choice of law issues and the circumstances under which the Virginia ethical rules would control the attorney’s conduct as opposed to the New York rules. After reviewing the facts and relevant law, the committee concluded that “the inquirer is deemed ‘licensed to practice’ in Virginia, and the New York disciplinary authorities would ordinarily apply the Virginia Rules of Professional Conduct to his conduct.”

Accordingly, he was permitted to operate a virtual practice in Virginia since “the Virginia State Bar Association ha(d) opined that he may practice from an office address in Virginia, as long as he limits his practice to federal court, and indicates on his letterhead, business cards and website that he is licensed to practice law only in New York and Pennsylvania.”

However, the committee noted that because he was practicing from a location in Virginia, his ability to solicit New York legal clients was necessarily limited by the New York rules regarding virtual practices and the requirement that New York lawyers have a bona fide office within the state. The committee explained that in its prior opinion, 1025 (2014), it concluded that New York courts have long held that Judiciary Law §470 requires attorneys who practice, but do not live, in New York, to have an office here.

The committee then referred to the Schoenefeld case from last month and opined: “Assuming the inquirer is soliciting business from New York residents, the inquirer must comply with various duties imposed by the Rules, see N.Y. State 1025 (2014) (listing duties under various Rules, and noting that there is no “virtual law office exception” to any of the Rules).”

However, the committee noted that after the New York Court of Appeals issued its decision in Schoenefeld, the matter was returned to the Second Circuit Court of Appeals for its determination as to the constitutionality of Judiciary Law §470. Obviously the outcome of that case may affect the status of the bona fide office requirement and the committee’s future conclusions in that regard.

So stay tuned, folks. In due time, the ability of New York-licensed attorneys to operate virtual law practices serving New York clients may change. But for now, an office within New York continues to be required.

This week's Daily Record column is entitled "ABA on lawyers mining social media for evidence" My past Daily Record articles can be accessed here.

*****

ABA on lawyers mining social media for evidence

Social media has been around for more than a decade now and its impact on our society is indisputable. But it’s only been in recent years that lawyers have begun to fully realize what a treasure trove of useful information can be obtained from social media throughout the litigation process.

Of course, mining social media for evidence has both drawbacks and benefits. Lawyers who seek to use social media evidence to obtain evidence for their cases must tread carefully and ensure that they fully comply with their ethical obligations when doing so.

Fortunately, there is a good amount of guidance available since a number of jurisdictions have addressed the ethics of mining social media for evidence. For the most part, the ethics boards have concluded that lawyers may not engage in deception when attempting to obtain information on social media, regardless of whether the party from whom information is sought is represented by counsel.

See, for example: Oregon State bar Ethics Committee Op. 2013-189 (lawyer may access an unrepresented individual’s publicly available social media information but “friending” known represented party impermissible absent express permission from party’s counsel); New York State Bar Opinion No. 843 [9/10/10] (attorney or agent can look at a party’s protected profile as long as no deception was used to gain access to it); New York City Bar Association Formal Opinion 2010-2 (attorney or agent can ethically “friend” unrepresented party without disclosing true purpose, but even so it is better not to engage in “trickery” and instead be truthful or use formal discovery); Philadelphia Bar Association Opinion 2009-02 (attorney or agent cannot “friend” unrepresented party absent disclosure that it relates to pending lawsuit); San Diego County Bar Association Opinion 2011-2 (attorney or agent can never “friend” represented party even if the reason for doing so is disclosed); and New York County Lawyers Association Formal Opinion No. 743 (attorney or agent can monitor jurors’ use of social media, but only if there are no passive notifications of the monitoring. The attorney must tell court if s/he discovers improprieties and can’t use the discovery of improprieties to gain a tactical advantage).

The American Bar Association’s Standing Committee on Ethics and Responsibility weighed in just last month. In Opinion 466, the committee considered “whether a lawyer who represents a client in a matter that will be tried to a jury may review the jurors’ or potential jurors’ presence on the Internet leading up to and during trial, and, if so, what ethical obligations the lawyer might have regarding information discovered during the review.”

In reaching its decision, the committee wisely compared the online activity at issue to similar offline activity, noting that viewing a juror’s publicly available online information was akin to observing a juror from a car while driving by the juror’s home. In both cases, the attorney is viewing information readily seen by the public and thus doing so did not constitute improper communication in violation of Rule 3.5(b).

However, when it came to attempting to view juror information that was not publicly viewable, the committee reached a different conclusion, holding that “(r)equesting access to a private area … is communication within this framework” and thus impermissible.

Interestingly, in regard to notifications sent by social networks to their users about the identity of people viewing their social media profiles, the committee reached a conclusion that differed from opinions on this issue handed down by other jurisdictions: “The fact that a juror or a potential juror may become aware that the lawyer is reviewing his Internet presence when an ESM network setting notifies the juror of such review does not constitute a communication from the lawyer in violation of Rule 3.5(b).”

And, last but not least, the committee required that lawyers researching jurors on social media had an “affirmative duty to act … triggered only when the juror’s known conduct is criminal or fraudulent, including conduct that is criminally contemptuous of court instructions.”

All in all this was a well-thought out opinion. I’m not sure I agree that passive notifications of social media profile views should be permissible since I think they arguably have the potential to affect a juror’s perception of the parties.

That being said, I was recently discussing this issue with my colleague, Rochester attorney and fellow Daily Record columnist, Scott Malouf, and he suggested that if a judge were to inform jurors at the outset of the case that the attorneys may research and view the jurors’ social media profiles, that would alleviate the perceived risk. He raises a good point. In addition, that instruction could offer the added benefit of discouraging jurors from engaging in improper online behavior thus reducing the risk of mistrials. So perhaps judges should consider adding that line to the boilerplate jury instructions.

I obtained a copy and eagerly began to read it, but when I reached this sarcastic sentence smack dab in the middle of the introduction (no embellishments added), I knew I was in for a doozy of a report: “For small firms, particularly, these (IT) costs were astronomical, if not utterly prohibitive. There had to be a better way, but where? And then this new prayer seemed to be answered; THE ‘CLOUD’ BURST FORTH!”

Things only went downhill from there. The entire report had a somewhat surreal, outdated quality about it, almost as if it had been written in 2007, when cloud computing first emerged on the scene.

The report was fraught with strange assertions like this one, found in the conclusion (emphasis added): “Lawyers have a wide variety of choices in Cloud services, and these will expand as Internet access gains nationwide reach and portable devices to access those services become cheaper, more durable and more secure.”

It was if the committee had written the report years ago, when Internet access was not readily available and mobile devices were as big as a brick, and then inexplicably decided to hold off on releasing it until 2013.

So, you probably won’t be surprised to learn that the committee’s analysis and recommendations regarding lawyers’ use of cloud computing were overly cautious, at best, and antiquated, at worst.

For example, the committee advised that “the provider should not possess the encryption key unless there is a compelling reason for it to have the key.”

This suggestion presumes lawyers seek only data storage in the cloud and ignores the fact that most cloud-based products are software products (software as a service or SaaS), such as email, billing, document management or law practice management software. These platforms run software on the provider’s end that necessarily requires the ability for the programs to interpret, create connections, organize and categorize the data. If the data is encrypted from the provider (as opposed to being encrypted from unauthorized prying eyes) while on the provider’s servers, the software is inoperable and useless to the attorney hoping to use it.

Another problematic recommendation was that lawyers should “obtain (their) clients’ consent before storing their information in the cloud or relying on cloud-based software for client-critical functions.“ Client consent is generally not a requirement when attorneys outsource the storage or handling of confidential client data in paper format, such as when storing old paper files in a warehouse or providing a process server with confidential documents. Electronic data should be treated no differently simply because the confidential information is stored in a different format.

Next up, the committee also recommended that lawyers ensure that they have the ability to access their data in the absence of an Internet connection: “(Find) a vendor who offers synchronization and storage of the cloud data to your device, or gives you the option of backing up your data automatically or manually to your local device.”

In other words, according to the committee, lawyers should continue to pay for and maintain costly on-site servers, thus defeating one of the primary benefits of cloud computing products: affordability and reduced IT costs.

One last example is the committee’s advisement that lawyers must supervise the cloud vendor’s provision of services: “Rule 5.3 requires an attorney to make reasonable efforts to supervise the work of nonlawyers that are ‘associated with’ the lawyer. Ethics opinions have extended this supervisory duty to the outsourcing context.”

This requirement is problematic since it holds lawyers to the same standard no matter what type of function is being outsourced. There is a big difference between outsourcing legal and administrative functions as opposed to outsourcing data management and storage to online legal service providers. Quite frankly it’s unreasonable to expect lawyers — or even some legal IT consultants — to oversee complex tasks requiring very specific expertise such as computer programming, encryption, data storage, and the delivery of said services. Asking them to do so is unrealistic.

At the end of the day, I don’t expect the recommendations in this report will withstand the test of time. In fact, I would argue that many of them are outdated already. At least, one can only hope.

This week's Daily Record column is entitled "Connecticut latest state to address cloud computing."

A pdf of the article can be found here and my past Daily Record articles can be accessed here.

*****

Connecticut latest state to address cloud computing

If you’ve been reading my column for any amount of time, you know that I believe that cloud computing is the future of computing — for law firms and for any other type of business. In fact, I’ve been saying this since 2008.

Back then, very few state bar associations had addressed the ethics of lawyers using cloud computing in their law practices. My, how times have changed!

Now, Connecticut has added its voice to the mix with its issuance of Informal Opinion 2013-07 just last month. In this opinion, the Committee on Professional Ethics considered whether it was ethically permissible for Connecticut lawyers to use cloud computing in their law practices.

At the outset, the committee explained that lawyers have always outsourced the handling of confidential client data to third parties: “Lawyers’ remote storage of data is not a new phenomenon; lawyers have been using off-site storage providers for many years, and the issues remain the same whether tangible records are stored in a “brick-and-mortar” warehouse or intangible data is stored on third-party servers.”

Next, in keeping with the conclusions reached in many other cloud computing ethics decisions, the committee acknowledged that absolute security is an impossibility and thus lawyers are not held to that standard: “The duty of confidentiality described in Rule 1.6 is rigid but tempered by the recognition that even when a lawyer acts competently to preserve the confidentiality of the data, reasonable safeguards sometimes fail …”

The committee then enunciated the standard that Connecticut lawyers seeking to use cloud computing in their practices must follow: “The Rules permit a lawyer to use the Internet to transmit, store and process data using shared computer facilities from the reasonably reliable cloud service provider as long as the lawyer undertakes reasonable efforts to prevent unauthorized access to or disclosure of such data.” This is essentially the same language used by the other ethics committees that have addressed this issue, so Connecticut’s adoption of this standard wasn’t surprising.

What came next was surprising, however, and and somewhat worrisome. The committee concluded that as part of a lawyer’s duty to stay abreast of changes in technology as required by Rule 1.1 and the duty to exercise due diligence when researching a cloud computing provider, lawyers must adequately supervise cloud computing providers.

The committee cited Rule 5.3, which addresses the lawyer’s responsibilities to supervise nonlawyer assistants, stating: “Cloud computing online outsourcing is subject to Rule 5.1 and Rule 5.3 governing the supervision of those who are hired by and associated with the lawyer. This means that the lawyer outsourcing cloud computing tasks (of transmitting, storing and processing data) must exercise reasonable efforts to select a cloud service provider whose conduct is compatible with the professional obligations of the lawyer and is able to limit authorized access to the data, ensure that the data is preserved (“backed up”), reasonably available to the lawyer, and reasonably safe from unauthorized intrusion.”

This requirement is troublesome since it implies that lawyers may have a duty to supervise cloud computing providers in the performance of their duties, even though most lawyers have no IT expertise. As I’ve explained in past articles, there is a fundamental difference between outsourcing legal and administrative functions and the outsourcing of data management and storage to online legal service providers. The bottom line is that most lawyers simply do not have the IT qualifications to oversee tasks like computer programming, encryption, data storage and the delivery of said services.

As it stands, I believe that the standard established by the committee is overly broad and fails to acknowledges that lawyers may not always have the necessary expertise to supervise non-lawyers, depending on the services provided. A better option would be to require that a lawyer’s supervision be reasonable under the circumstances, thus limiting the scope of an attorney’s supervision to areas which fall within their areas of expertise.

Signup for a free webinar, hosted by MyCase, on June 27th, 2013 at 11am PDT / 2pm EDT. At the webinar, Carolyn Elefant and I will discuss the top ten ethical red flags your firm should consider when taking on new technology.

Covered topics will include:

Confidentiality and security considerations when using cloud and mobile solutions

Attorney-client relationships, advertising, and other challenges when using social and online platforms

Virtual law office ethical issues, such as avoiding the unauthorized practice of law

The Presenters:

Carolyn Elefant is the Founder and Principal Attorney with the Law Offices of Carolyn Elefant in Washington D.C. She is also an ABA-published author. She wrote “Solo By Choice” and is the co-author of “Social Media For Lawyers.”

Nicole Black is an Attorney in Rochester, New York, the Business Development Director at MyCase, ABA-published author of “Cloud Computing For Lawyers” and co-author of “Social Media For Lawyers.”

CLE Accreditation Pending – MyCase is currently working with the California State Bar to be able to provide free CLE credit to webinar attendees.

This week's Daily Record column is entitled "Ethics of VLOs and advertising in New York."

A pdf of the article can be found here and my past Daily Record articles can be accessed here.

*****

The legal profession is in a state of flux. New technologies are changing the ways that lawyers advertise and deliver legal services. Internet-based tools, including social media and cloud computing, offer lawyers more choices than ever when it comes to running their practices and reaching potential clients.

As a result, innovation in the delivery of legal services, driven by rapid changes in technology, has increased greatly in recent years, with virtual law offices (VLOs) being a prime example. VLOs — where lawyers deliver legal services using an online portal — have become much more common, both because these types of practices are very flexible and cost-effective and because new cloud-based platforms have been introduced which are designed to support VLOs.

But as is always the case when lawyers innovate in the delivery of legal services, VLOs can trigger a host of ethical issues. Last month, the New York State Bar Association’s Committee on Professional Ethics addressed some of those issues in Opinion 964 (April 4).

In this opinion, the committee addressed two questions asked by an attorney who operated a virtual law practice out of her home and provided legal services and interacted with clients primarily using the Internet or by other electronic means. The inquiring attorney sough clarification regarding two different issues: 1) Whether she could use a commercial mailbox service address, in lieu of her home address, as her only office address listed in advertisements, and 2) Whether she could use a commercial mailbox service address as the only office address listed on business cards and letterhead.

The committee first addressed the definition of the term “principal law office address” as set forth in Rule 7.1(h), which provides, in relevant part, that “[a]ll advertisements shall include … the principal law office address … of the lawyer or law firm whose services are being offered.” The Committee reviewed past iterations of this rule, including the advertising rules adopted by the Appellate Divisions in 2007, which changed the term “office address” as set forth in DR 2-101(k), the prior version of the rule, to “principal law office address” as it section now appears in DR 2-101(h), the current version of the rule.

The committee explained that it interpreted the fact that the term changed so little from one iteration of the rule to the next to mean that the Appellate Divisions’ intent continued to be that “all lawyer advertisements were to disclose the address of an office where the lawyers were present and available for contact, and where personal service or delivery of legal papers could be effected.”

Accordingly, the committee concluded that in order to avoid misleading the legal consumer, all advertising for legal services must include the street address of the lawyer’s principal office, even if that address is the lawyer’s home address, as was the case with the inquiring attorney. However, the committee also determined that so long as the attorney’s business cards and letterhead were not being used as advertising, but instead were being “used in the ordinary course of professional practice or social intercourse without primary intent to secure retention,” then a mail drop address could be listed as the sole address without mention of the attorney’s principal address — in this case, her home address.

I believe the committee’s conclusion in this case is misguided and fails to acknowledge the realities of a 21st century law practice. In fact, I criticized the requirement that a lawyer include the address of a home office in advertisements back in 2007 when the new advertising rules were enacted. As I explained in 2007, one way to avoid the risk of misleading the legal consumer regarding an attorney’s location while maintaining the privacy and safety of a lawyer with a home office is to require that attorney advertising list the county or city in which the attorney practices along with a mail drop address, but not the exact address of the home office.

This opinion surprised me, since more often than not, the New York State Bar is ahead of the curve when it comes to addressing the ethical issues triggered by new technologies. But in this case, the committee’s decision is surprisingly short-sighted and penalizes innovative lawyers seeking to serve legal clients more efficiently and cost effectively. This is an unfortunate decision that I don’t think will withstand the test of time.

This week's Daily Record column is entitled "California lawyers can operate VLOs in the cloud."

A pdf of the article can be found here and my past Daily Record articles can be accessed here.

*****

California lawyers can operate VLOs in the cloud

With the rapid advancements in technology and a continued ailing economy, it’s no surprise that enterprising lawyers are regularly finding new ways to serve their clients more efficiently and affordably. Of course, innovating in the delivery of legal services can sometimes trigger ethical issues and as a result, lawyers will often query their state and local ethics committees about the efficacy of their ideas.

As a result, in recent years, a number of state and local bar associations have issued opinions on the ethical issues related to using cloud computing services to store confidential client data.

One of the most recent opinions was issued by the State Bar of California Standing Committee on Professional Responsibility and Conduct. I wrote about the proposed opinion last year, and the committee has now released the final opinion, Formal Opinion No. 2012-184.

At issue was this question: “May an attorney maintain a virtual law office practice (VLO) and still comply with her ethical obligations, if the communications with the client, and storage of and access to all information about the client’s matter, are all conducted solely through the internet using the secure computer servers of a third-party vendor (i.e., “cloud computing”)?”

At the outset, the committee addressed the cloud computing technology that the inquiring attorney intended to use in her VLO. The committee noted that because of the “the wholly outsourced Internet-based nature of our hypothetical VLO, special considerations are implicated, which require specific due diligence on the part of our VLO practitioner.”

Next the committee explained that although the inquiring attorney was not required to become a technology expert in order to ensure that client confidentiality was maintained when outsourcing the storage of client data to the cloud computing provider, she nevertheless had an obligation to take reasonable steps to understand — or to consult with someone who understood — the basic technology provided by her cloud vendor.

Of note, the committee determined that the inquiring attorney “should determine that the VLO vendor selected by her employs policies and procedures that at a minimum equal what attorney herself would do on her own to comply with her duty of confidentiality.”

Issues that an attorney must consider when assessing the vendor’s services include: 1) the vendor’s credentials, 2) the steps taken by the vendor to secure data, 3) whether the data stays within certain geographical boundaries, 4) the extent to which the attorney is able to supervise the vendor, and 5) the terms of service set forth in the contract with the vendor.

The committee also stressed that the attorney had a continuing duty to periodically reassess the services provided by the vendor. And, importantly, the committee adopted the majority position and concluded that client consent to store confidential client data in the cloud under the set-up described by the inquiring attorney was unnecessary — as long as the attorney appropriately exercised due diligence in vetting the cloud vendor.

Next, the committee turned to the attorney’s duty of competency when delivering legal services solely via an online channel. The committee explained that in order to meet her ethical obligations, the inquiring attorney must: 1) take steps to ensure that her intake system obtains necessary information from the potential client sufficient to allow the attorney to determine whether she is able to competently provide the legal services requested, 2) take steps to ensure that the client truly understands the legal concepts involved and the advice given, 3) take steps to ensure that the client is reasonably informed about case-related developments, including confirming that the client is receiving information posted to the online portal, 4) ensure that the client has access to technology which will permit use of the online portal and that the client fully understands how the technology works, 5) ensure that she complies with her ethical obligations regarding the scope of her representation as enumerated in Rules 3-1110 and 3-700, and 6) take reasonable steps to ensure that she appropriately supervises subordinate attorneys, and non-attorney employees or agents.

Also important was the committee’s final conclusion — that “(t)he Business and Professions Code and the Rules of Professional Conduct do not impose greater or different duties upon a VLO practitioner operating in the cloud than they do upon attorneys practicing in a traditional non-VLO.”

In other words, ethical obligations to clients remain the same, regardless of whether legal services are delivered via a brick and mortar office or a VLO; the medium does not change the ethics.

This week's Daily Record column is entitled "Florida Bar on the ethics of cloud computing."

A pdf of the article can be found here and my past Daily Record articles can be accessed here.

*****

By now, cloud computing should be a familiar concept, even if you don’t yet use it in your law practice. It has been around for years now and as a result, law firms are increasingly taking advantage of the benefits offered by this flexible, affordable technology.

For that reason, bar associations across the United States are being asked to opine on the ethics of lawyers using cloud computing in their law practices, with the most recent one being the Professional Ethics Committee of the Florida Bar, which issued Proposed Advisory Opinion 12-3 in January of this year.

At the outset of this opinion, the committee examined the concept of cloud computing, settling on the following definition: “Cloud computing” is defined as “Internet-based computing in which large groups of remote servers are networked so as to allow sharing of data-processing tasks, centralized data storage, and online access to computer services or resources.”

It then explained that the primary issue presented by the use of cloud computing by lawyers is confidentiality: “The main concern regarding cloud computing relates to confidentiality. Lawyers have an obligation to maintain as confidential all information that relates to a client’s representation, regardless of the source. Rule 4-1.6, Rules Regulating The Florida Bar.”

Importantly, as part of its analysis of this issue, the committee noted that Florida attorneys are required to stay abreast of changes in technology as part of their ethical obligations: “(T)his committee has previously opined that lawyers have an obligation to remain current not only in developments in the law, but also developments in technology that affect the practice of law. Florida Ethics Opinion 10-2.” In other words, ignorance of technology is no excuse and lawyers must ensure that they have an understanding of the technologies available to them, even if they choose not to use them in their practice.

Next, the committee turned to the issue at hand, noting that a number of ethics opinions have been issued in other jurisdictions which address the issue of whether lawyers can use cloud computing in their practices and that every ethics committee concluded that doing so was permissible. The opinions reviewed included: Alabama Ethics Opinion 40 2010-02, Arizona Ethics Opinion 09-04 (2009), Iowa Ethics Opinion 11-01 (2011), Nevada Formal Ethics Opinion 33 (2006), New York State Bar Ethics Opinion 842 (2010), and 57 Pennsylvania Ethics Opinion 2011-200.

After reviewing all of the opinions, the committee concluded that Florida attorneys could ethically use cloud computing in their law practices: “In summary, lawyers may use cloud computing if they take reasonable precautions to ensure that confidentiality of client information is maintained. The lawyer should research the service provider to be used, should ensure that the service provider maintains adequate security, should ensure that the lawyer has adequate access to the information stored remotely, and should consider backing up the data elsewhere as a precaution.”

And last, but not least, the committee cautioned that when dealing with particularly sensitive information, lawyers should consider whether housing said data in the cloud would be appropriate even where all of the above conditions were met.

Thus, Florida, one of the more conservative bars in the United States, joins other jurisdictions by giving the green light to the use of cloud computing by lawyers. The Florida bar’s acknowledgement of cloud computing as a viable option for Florida attorneys simply offers further confirmation, to the extent that it’s even needed at this point, that cloud computing is a secure, reliable technology that can safely be used by law firms.

This week's Daily Record column is entitled "Legal ethics and retention of electronic data."

A pdf of the article can be found here and my past Daily Record articles can be accessed here.

*****

Legal ethics and retention of electronic data

Fax machines are just one of the once familiar technologies that many businesses are now abandoning in favor of scanning, mailing or sharing digital documents via online platforms. Not surprisingly, the more conservative legal and financial industries are two of the last holdouts when it comes to faxes.

Even so, many lawyers are beginning to embrace the convenience and affordability offered by the concept of a paperless office. However, doing so can raise an assortment of ethical issues, since the confidentiality of client information must always be maintained, regardless of the format in which it is stored or distributed.

The Committee of Professional Ethics of the New York State Bar Association recently addressed issues of client confidentiality and alternate methods of data storage in Opinion 940 (Oct. 16). In this case, the inquiring attorney asked two questions: 1) Whether a law firm may use tape backups containing confidential client data, where the tape backups are stored offsite by a third party, and 2) are electronic copies sufficient when the New York Rules of Professional Conduct require an attorney to maintain certain records or must the attorney retain the paper originals?

The committee’s answer to the first question drew on its analysis from a prior opinion, Opinion 842, which addressed the ethical obligations of lawyers when using a cloud computing service to store confidential client data. The committee concluded that “the principles governing use of a ‘cloud’ storage system would also govern use of backup tapes maintained away from the firm’s premises.”

The committee explained that a lawyer must exercise reasonable care to protect the confidentiality of that information and suggested that steps to take include ensuring “that the provider maintaining the backup tapes ‘has an enforceable obligation to preserve confidentiality and security, and that the provider will notify the lawyer if served with process requiring the production of client information’ … and (will) (i)nvestigate the provider’s ‘data storage security measures, policies, recoverability methods, and other procedures to determine if they are adequate under the circumstances.’”

Next, the committee addressed the issue of whether a lawyer’s duty to maintain certain types of records for seven years pursuant to Rule 1.15(d)(1) was met by the retention of electronic copies. The committee explained that the answer depended on the types of records at issue and then identified certain documents which should generally be retained in their original paper form, including wills, deeds, contracts, promissory notes and some bank records.

Thus, the committee concluded that “(f)or certain kinds of records, the rules require that original paper documents be kept if the lawyer receives or initially maintains paper originals in the ordinary course of business. For certain other kinds of records, the rules require retention but permit a lawyer to keep electronic copies in lieu of paper originals if the electronic copies are in a format that preserves an image not subject to alteration without detection. For yet other kinds of records that must be retained, the rules permit electronic copies to be kept in lieu of paper originals without restriction.”

So, the bottom line is that in most cases retaining documents as required by Rule 1.15(d)(1) in electronic form is ethical. Likewise, it is ethical to store confidential client with a third party, whether on tape backups or otherwise. But prior to outsourcing the storage and maintenance of client data to a third party, lawyers must ensure that they have a basic understanding of the services and technologies provided by the provider and must exercise due diligence in researching the provider and the services provided.

A pdf of the article can be found here and my past Daily Record articles can be accessed here.

*****

NY Bar Gives Guidance for Lawyers Seeking Clients Online

As of May 2011, more than 65 percent of adults in the United States participated on social media sites, according to the Pew 2011 Internet & American Life Survey. That’s a lot of people interacting and sharing online, and lawyers are beginning to take notice.

Understandably, as more people use social media, more lawyers are beginning to acknowledge the potential benefits of online interaction. However, as is the case with any type of interaction with potential clients, whether online or off, there are risks of unintentionally violating ethics rules regarding solicitation, advertising, inadvertently creating an attorney client relationship and more.

Fortunately, for New York lawyers seeking guidance on these issues, the New York State Bar Association Committee on Professional Ethics addressed some of these concerns in Opinion 899 (12/21/11).

This opinion answered two questions: 1) Whether lawyers may answer legal questions in chat rooms or on other online social media sites; and 2) If so, whether lawyers may also offer their legal services in the course of answering questions?

When addressing the first question, the committee compared answering legal questions on the Internet to writing for publications on legal topics. The committee cited Rule 1.7(r) and advised that “a lawyer may write for publication on legal topics without affecting the right to accept employment, as long as the lawyer does not undertake to give individual advice.”

However, the committee also referenced the Comments to Rule 1.7(r) and cautioned that lawyers should refrain from misleading members of the public into thinking that “a general solution (is) applicable to all apparently similar individual problems, because slight changes in fact situations may require a material variance in the applicable advice.”

Finally, the committee turned to the issue of whether answering questions online constitutes advertising and concluded that in most cases it does not, as long as the communication’s “primary purpose is to educate and inform rather than to attract clients.”

Next, the committee considered the second question: whether lawyers answering questions online may simultaneously offer their legal services. At the outset, the committee noted that although Rule 7(a) prohibits lawyers from soliciting clients in chat rooms or on other social media sites, Rule 7.3(b) specifically excludes responses provided at the “specific request” of a prospective client.

However, the committee then explained that “a legal question posted by a member of the public on real-time interactive Internet or social media sites cannot be construed as a ‘specific request’ to retain the lawyer … (but) if a lawyer’s primary purpose in answering a question is not to encourage his own retention but rather is to educate the public by providing general answers to legal question, then Rule 7.3(a)(l) does not prohibit the lawyer’s responses.”

The committee then addressed the proper course of action to take when, during the course of an online interaction, a prospective client makes a specific request to retain legal services. The committee concluded that it is ethically permissible for a lawyer to respond to the request, but if the forum in which the request was made is public, the response must be made privately and “outside the site … so that persons who did not request the proposal cannot see it.”

In other words, when engaging in public online forums, lawyers should focus on providing general information that serves to educate the public and, if the interaction leads to a request for representation, the lawyer should follow up by requesting a means to engage in a private conversation, whether by phone, email or in person.

As a side note, the committee specifically states in its opinion that “the lawyer may respond (to a request to retain the lawyer) with a private written proposal outside the site” (emphasis added). Thus, presumably, responding to a request for representation via a private message at the social media site would be unacceptable. This makes no sense to me, since a private message at an online forum is no less private than an email or phone call, and is not visible to those who did not request information regarding legal services.

It unclear to me whether the committee reached this conclusion on purpose, whether it was an oversight, or whether it was due to a lack of understanding of the private messaging function available at many social media sites, such as Twitter, LinkedIn and Facebook. Nevertheless, according to my reading of this opinion, responding to a request for representation via a private message at a social media site may not be ethically permissible and should be avoided absent additional clarification from the committee in a subsequent opinion.

disclaimer

This site is intended purely as a resource guide for educational and informational purposes and is not intended to provide specific legal advice. This site should not be used as a substitute for competent legal advice from a professional attorney in your state. The use and receipt of the information offered on this site is not intended to create, nor does it create, an attorney-client relationship.

Please feel free to contact me via e-mail or otherwise. However, please be advised that an attorney-client relationship is not created through the act of sending electronic mail to me.

The comments on this blog are solely the opinions of the individuals leaving them. In no way does Legal Antics or Nicole L. Black endorse, condone, agree with, sponsor, etc. these comments.

Further, any information provided on this blog or in the comments should be taken at your own risk.